scl/kubespray
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Solves #2933: Allow http_proxy, https_proxy and no_proxy environment variables in cert-manager playbook (#10162)

Browse Source
This commit is contained in:
Aleksandr Karabanov
2023-06-01 06:23:45 +03:00
committed by GitHub
parent 0b102287d1
commit 2d8f60000c
2 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml
View File

@ -8,6 +8,11 @@ cert_manager_dns_policy: "ClusterFirst"
cert_manager_dns_config: {} cert_manager_dns_config: {}
cert_manager_controller_extra_args: [] cert_manager_controller_extra_args: []
## Allow http_proxy, https_proxy and no_proxy environment variables
## Details https://github.com/kubernetes-sigs/kubespray/blob/master/docs/proxy.md
cert_manager_http_proxy: "{{ http_proxy|default('') }}"
cert_manager_https_proxy: "{{ https_proxy|default('') }}"
cert_manager_no_proxy: "{{ no_proxy|default('') }}"
## Change leader election namespace when deploying on GKE Autopilot that forbid the changes on kube-system namespace. ## Change leader election namespace when deploying on GKE Autopilot that forbid the changes on kube-system namespace.
## See https://github.com/jetstack/cert-manager/issues/3717 ## See https://github.com/jetstack/cert-manager/issues/3717

36
roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
View File

@ -870,6 +870,18 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
{% if cert_manager_http_proxy is defined and cert_manager_http_proxy != "" %}
- name: HTTP_PROXY
value: "{{ cert_manager_http_proxy }}"
{% endif %}
{% if cert_manager_https_proxy is defined and cert_manager_https_proxy != "" %}
- name: HTTPS_PROXY
value: "{{ cert_manager_https_proxy }}"
{% endif %}
{% if cert_manager_no_proxy is defined and cert_manager_no_proxy != "" %}
- name: NO_PROXY
value: "{{ cert_manager_no_proxy }}"
{% endif %}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -967,6 +979,18 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
{% if cert_manager_http_proxy is defined and cert_manager_http_proxy != "" %}
- name: HTTP_PROXY
value: "{{ cert_manager_http_proxy }}"
{% endif %}
{% if cert_manager_https_proxy is defined and cert_manager_https_proxy != "" %}
- name: HTTPS_PROXY
value: "{{ cert_manager_https_proxy }}"
{% endif %}
{% if cert_manager_no_proxy is defined and cert_manager_no_proxy != "" %}
- name: NO_PROXY
value: "{{ cert_manager_no_proxy }}"
{% endif %}
{% if cert_manager_trusted_internal_ca is defined %} {% if cert_manager_trusted_internal_ca is defined %}
volumeMounts: volumeMounts:
- mountPath: /etc/ssl/certs/internal-ca.pem - mountPath: /etc/ssl/certs/internal-ca.pem
@ -1083,6 +1107,18 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
{% if cert_manager_http_proxy is defined and cert_manager_http_proxy != "" %}
- name: HTTP_PROXY
value: "{{ cert_manager_http_proxy }}"
{% endif %}
{% if cert_manager_https_proxy is defined and cert_manager_https_proxy != "" %}
- name: HTTPS_PROXY
value: "{{ cert_manager_https_proxy }}"
{% endif %}
{% if cert_manager_no_proxy is defined and cert_manager_no_proxy != "" %}
- name: NO_PROXY
value: "{{ cert_manager_no_proxy }}"
{% endif %}
{% if cert_manager_tolerations %} {% if cert_manager_tolerations %}
tolerations: tolerations:
{{ cert_manager_tolerations | to_nice_yaml(indent=2) | indent(width=8) }} {{ cert_manager_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}